Making access logs smarter for faster threat detection

Complex system access logs for admins

Fragmented logs made login journeys hard to understand.

The previous logs were messy and hard to interpret, offering too little detail to understand user activity.

In the old design, each login attempt appeared as a separate entry, making it difficult to follow a user’s full login journey. The old logs also lacked error descriptions and other important details, making them hard to interpret.

I redesigned logs to surface key context and group events into a clearer narrative.

We decided to show more information to users to empower them to find answers on their own — including details on where and how authentication methods were performed — and to combine related events into a single entry when they occurred within an appropriate time frame.

Still, it was my responsibility to determine exactly what needed to be shown and how. To do that, I started with a competitive analysis and early sketching.

Old logs

Separate entries for a single login journey.

The admin had to analyze each entry to understand the user’s full login story.

New logs

Consolidated login attempts into one entry to show the complete login journey.

Admins can quickly recognize when a user is having difficulty and take action by initiating an investigation if needed.
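The consolidation described above (related login events combined into one entry when they occur within a time frame), sketched as an added example; it is not Clever's code or the author's. The 5-minute window, the two-failure review threshold, the rule that a success closes a journey, and the event fields are all assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed grouping window; the page gives no value
REVIEW_FAILURES = 2            # assumed threshold for "user is having difficulty"

# Constructed sample events: (user, ISO timestamp, auth method, outcome, error).
EVENTS = [
    ("ana", "2024-03-01T08:00:05", "password", "failure", "invalid_credentials"),
    ("ana", "2024-03-01T08:00:40", "password", "failure", "invalid_credentials"),
    ("ben", "2024-03-01T08:01:00", "badge", "success", None),
    ("ana", "2024-03-01T08:01:30", "mfa_totp", "success", None),
    ("ana", "2024-03-01T13:15:00", "password", "success", None),
]


def group_journeys(events, window=WINDOW):
    """Merge each user's attempts into login journeys.

    A new journey starts when the user has no open journey, the gap since
    their previous attempt exceeds `window`, or the previous attempt succeeded.
    """
    journeys, open_by_user = [], {}
    for user, ts, method, outcome, error in sorted(events, key=lambda e: e[1]):
        t = datetime.fromisoformat(ts)
        j = open_by_user.get(user)
        if j is None or t - j["end"] > window or j["outcome"] == "success":
            j = {"user": user, "start": t, "attempts": []}
            journeys.append(j)
            open_by_user[user] = j
        # Keep method and error text so the merged entry still explains each step.
        j["attempts"].append((method, outcome, error))
        j["end"], j["outcome"] = t, outcome  # the last attempt is the final action
    for j in journeys:
        j["failures"] = sum(1 for _, o, _ in j["attempts"] if o == "failure")
        j["needs_review"] = j["failures"] >= REVIEW_FAILURES
    return journeys


if __name__ == "__main__":
    for j in group_journeys(EVENTS):
        flag = "REVIEW" if j["needs_review"] else "ok"
        steps = " -> ".join(f"{m}:{o}" for m, o, _ in j["attempts"])
        print(f'{j["start"]:%H:%M:%S} {j["user"]:<4} {flag:<6} {steps}')
```

Flagging on failures inside the journey, rather than only on the final outcome, keeps a journey that ends in success after repeated failures visible for investigation.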

Expert feedback on early sketches guided the initial design, allowing timely delivery under crunch time.

With limited time, I worked closely with a security engineer who represented both the user and expert perspective to define what data would be most useful and feasible.

I shared early sketches for feedback — the first step in the iteration process.

At first, the new UI included two main zones: alerts and the new logs.

Later, only logs were prioritized as an MVP.

Mid-fi design used to get early feedback from a security expert.

The final design focused on logs with clear context and narrative, enabling admins to perform quick or in-depth analysis.

I introduced a powerful filter that makes finding the right data fast and effortless.

The final action summarizes the login journey, showing how users access the platform.

Clear iconography helps admins focus on what matters and expand entries for details.

Showing names instead of IDs for easier recognition.

Alerts draw attention to unusual or critical activity

After launch, the redesigned logs improved admin investigations, reduced CS tickets by 42%, and became a UI pattern adopted by other teams.

After Access logs launched, support tickets about admin access issues dropped by 42%, unblocking admins and speeding up issue investigation.

The table design was later adopted by other teams for Clever’s identity product and for Audit logs (an intern was able to implement it despite the complex UI).

Dropdown with details

Get in touch

Based in San Jose, California